linux服务器上搭建gitolite实现对git server的版本库的权限控制

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了linux服务器上搭建gitolite实现对git server的版本库的权限控制相关的知识,希望对你有一定的参考价值。

一、环境介绍:

1.1Git账户管理机器manage
ip:10.0.0.56

[[email protected] ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
manage
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.56 manage
10.0.0.11 git-server

1.2.git远程版本库git-server
git远程版本库ip:10.0.0.11

[[email protected] ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
git-server
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.11 git-server
10.0.0.56 server

二、安装部署

2.1在git账户管理机器上(10.0.0.56)操作:

2.1.1安装git
[[email protected] ~]# yum install git –y

2.1.2创建公钥和私钥
Git账户管理员需要在自己机器(10.0.0.56)上创建SSH公钥/私钥对。

ssh-keygen -f ~/.ssh/git-admin

[[email protected] ~]# ll .ssh/
git-admin git-admin.pub known_hosts
2.1.3配置config文件
为了方便管理和不至于和其他公钥私钥混淆,先配置下SSH客户端的文件 ~/.ssh/config,
可以通过创建主机别名,在连接主机时,使用特定的公钥。例如 ~/.ssh/config 文件中的下列配置

[[email protected] ~]# cat .ssh/config 
host git-server
  user git
  hostname 10.0.0.11
  port 22
  identityfile ~/.ssh/git-admin

把10.0.0.56管理员机器上的公钥copy到git-server(10.0.0.11)服务器上,

[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/

提示:
注意1.git-server机器的sshd端口是必须是22端口,否则在配置免秘钥进行git提交代码时,会提交失败的
注意2.Git账户管理机器manage(10.0.0.56)上的/root/.ssh/config文件权限必须是600,否则在后续添加公钥时,会报错,提示权限不允许

[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]# ll /root/.ssh/config 
-rw------- 1 root root 99 Mar 29 11:28 /root/.ssh/config

2.2在git-server远程版本库机器上操作:

在git-server git远程版本库(ip:10.0.0.11)机器上安装gitolite软件来管理git版本库账户
在Git-server git远程版本库安装git
参考文档:
http://blog.sina.com.cn/s/blog_4b5039210102e3r3.html

说明:
Gitolite其实也是一个git repository,首先在git-server机器上安装好后,在client端manage机器上把server上的repository clone下来,在本地做一些更改,再push回server,server端的hooks会根据push上来的配置来更新权限。
在git-server 上操作:

2.2.1在git-server 机器上创建git用户

useradd git
passwd  git 
123456

2.2.2在git-server上安装git和下载gitolite

在git的用户目录下执行下载gitolite软件包:

[[email protected] ~]# yum install git -y
 [[email protected] ~]# su - git
[[email protected] ~]$ git clone https://github.com/sitaramc/gitolite
Initialized empty Git repository in /home/git/gitolite/.git/
 remote: Counting objects: 9385, done.
remote: Total 9385 (delta 0), reused 0 (delta 0), pack-reused 9385
Receiving objects: 100% (9385/9385), 2.96 MiB | 95 KiB/s, done.
Resolving deltas: 100% (5805/5805), done.

2.2.3安装gitolite

[[email protected] ~]$ mkdir bin
[[email protected] ~]$ gitolite/install -to $HOME/bin
[[email protected] ~]$ ls
bin  gitolite
[[email protected] ~]$ cd bin
[[email protected] bin]$ ls
commands  gitolite  gitolite-shell  lib  syntactic-sugar  triggers  VERSION  VREF

会在bin下生成一个gitolite可执行文件

必须先在10.0.0.56机器把git-admin.pub公钥先拷贝到git-server10.0.0.11机器上

[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/git-admin.pub
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
[[email protected] ~]$ cd bin/
[[email protected] bin]$ ls
gitolite
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
    (this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
    (this is normal on a brand new install)
[[email protected] bin]$

此命令会在你的~/repositories/目录生成两个repository:gitolite-admin.git和testing.git

[[email protected] ~]$ cd repositories/
[[email protected] repositories]$ ls
gitolite-admin.git  testing.git
[[email protected] bin]$ ll /home/git/repositories/
total 8
drwx------ 8 git git 4096 Jul 23 15:53 gitolite-admin.git
drwx------ 7 git git 4096 Jul 23 15:53 testing.git

用户目录下生成一个project.list,默认里面有一个testing的git的project

[[email protected] ~]$ more projects.list 
testing.git

到此处gitolite安装完毕!

2.3再回到在manage端机器上操作:

克隆 git-server版本库上的gitolite-admin到manage账户管理端机器
!!!注意:

命令一定要是git clone git-server:gitolite-admin
而不是:git clone git-server:/home/git/repositories/gitolite-admin
更不是:git clone git-server:gitolite-admin.git

[[email protected] ~]# git clone git-server:gitolite-admin

提示报错:

[[email protected] ~]#  git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Bad owner or permissions on /root/.ssh/config
fatal: The remote end hung up unexpectedly

权限不对,以下给600权限解决问题

[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]#  git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Warning: Permanently added ‘221.195.1.233‘ (RSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

[[email protected] ~]# ll gitolite-admin/
total 8
drwxrwxr-x 2 root root 4096 Mar 29 12:00 conf
drwxrwxr-x 2 root root 4096 Mar 29 12:00 keydir

clone完后会有个新的目录gitolite-admin,里面有两个文件夹conf和keydir,第一个目录中包含的是配置文件,里面就是记录权限配置的地方,第二个目录中则包含所有用户的pub key。

[[email protected] ~]# ll gitolite-admin/*
gitolite-admin/conf:
total 4
-rw-r--r-- 1 root root 77 Jul 22 15:10 gitolite.conf
gitolite-admin/keydir:
total 4
-rw-r--r-- 1 root root 393 Jul 22 15:10 git-admin.pub
[[email protected] ~]# cat gitolite-admin/conf/gitolite.conf 
repo gitolite-admin
    RW+     =   admin

repo testing
RW+     =   @all

首先 gitolite-admin只有admin有读写权限,其他人都不能读写
另外一个代码库testing是所有人都可以访问

2.4放置manage端机器的公钥文件git-admin.pub到gitolite-admin/keydir 目录下,然后提交到远程的版本库git-server上

[[email protected] ~]# git add conf/ keydir/
[[email protected] ~]# git status
[[email protected] ~]# git push

在git-server 机器远程版本库上查看密钥文件:
[[email protected] ~]$ cat /home/git/.ssh/authorized_keys

#gitolite start
command="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXc/2BPDIZ/3PnoXhgVEyZLdF5oiE+UuumBeOxcR2FGoGUVEaSWYOZ2zWYIk5RCzKNWb3d9Ur51l7DpQunmCUlvf4lOZ7UT68jnhAF/NNN9a6upEHBls5hpFvVp+DmqOYuVuWs+FQhShPvp70QJfsx/+gg14rw9A1/jN5GdgrrStYorNEE1Ut8/T1t9tNxsIlfwgd6pQPKpWJ11sANWx9U+DfUEAN4a0bCiZ/PQ+9aR+SJ1Y+H68pt2+iy4I8UXuhtgSqYTu5YmxsJlF3uoHypF4lOTqgiP0HYr8FNZ3KWg2ome8fUOnO2VbNvgAXafhLEfBd5zxd6YChDHwfIclvQ== [email protected]
#gitolite end

此时你可以免秘钥在manage机器上进行克隆远程版本库上的代码:

[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
[[email protected] ~]# ll gitolite-admin
total 8
drwxrwxr-x 2 root root 4096 Mar 30 21:57 conf
drwxrwxr-x 2 root root 4096 Mar 30 21:57 keydir

如果注释掉[[email protected] ~]$ ll /home/git/.ssh/authorized_keys这个文件的内容,在你克隆的时候回提示让你输入密码,同事即使你输入密码,clone远程版本库的代码依旧会失败

[[email protected] tmp]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
[email protected]‘s password: 123456
fatal: ‘gitolite-admin‘ does not appear to be a git repository
fatal: The remote end hung up unexpectedly

以上是关于linux服务器上搭建gitolite实现对git server的版本库的权限控制的主要内容,如果未能解决你的问题,请参考以下文章

CentOS7利用Gitolite搭建本地Git服务器

使用gitolite搭建Git服务器

搭建gitolite服务器

使用Gitolite来对Git的repository实现权限控制

[转载] 使用Gitolite来对Git的repository实现权限控制

使用Gitolite搭建Git服务器